<?php
/*
  $Id: login.php,v 1.17 2003/02/14 12:57:29 dgw_ Exp $

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2002 osCommerce

  Released under the GNU General Public License

  Includes Contribution:
  Access with Level Account (v. 2.2a) for the Admin Area of osCommerce (MS2)

  This file may be deleted if disabling the above contribution
*/

  require('includes/application_top.php');

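  // Handle a submitted login form: the form on this page posts back here with
  // ?action=process.
  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process')) {
    // A request can carry action=process without the form fields, so default a
    // missing field to an empty string instead of reading an undefined index.
    $email_address = tep_db_prepare_input(isset($HTTP_POST_VARS['email_address']) ? $HTTP_POST_VARS['email_address'] : '');
    $password = tep_db_prepare_input(isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '');

    // Look the admin record up by e-mail address. The address is passed through
    // tep_db_input() before it is placed in the statement (presumably the
    // project's SQL escaping helper; it is defined outside this file).
    // NOTE(review): failed attempts are neither counted nor delayed in this
    // block; verify whether repeated attempts are limited somewhere else.
    $check_admin_query = tep_db_query("select admin_id as login_id, admin_groups_id as login_groups_id, admin_firstname as login_firstname, admin_email_address as login_email_address, admin_password as login_password, admin_modified as login_modified, admin_logdate as login_logdate, admin_lognum as login_lognum from " . TABLE_ADMIN . " where admin_email_address = '" . tep_db_input($email_address) . "'");
    if (!tep_db_num_rows($check_admin_query)) {
      // Unknown address and wrong password set the same flag, so the rendered
      // message is the same for both.
      $HTTP_GET_VARS['login'] = 'fail';
    } else {
      $check_admin = tep_db_fetch_array($check_admin_query);
      // Compare the submitted password with the stored value
      if (!tep_validate_password($password, $check_admin['login_password'])) {
        $HTTP_GET_VARS['login'] = 'fail';
      } else {
        if (tep_session_is_registered('password_forgotten')) {
          tep_session_unregister('password_forgotten');
        }

        // NOTE(review): no session id renewal is visible between the password
        // check and the registration of the login variables below. If the
        // session helpers loaded by application_top.php offer one, calling it
        // here would keep a pre-login session id from carrying over into the
        // authenticated session (confirm).

        $login_id = $check_admin['login_id'];
        // The key is quoted: a bare login_groups_id is read as a constant name,
        // which newer PHP versions reject outright.
        $login_groups_id = $check_admin['login_groups_id'];
        $login_firstname = $check_admin['login_firstname'];
        $login_email_address = $check_admin['login_email_address'];
        $login_logdate = $check_admin['login_logdate'];
        $login_lognum = $check_admin['login_lognum'];
        $login_modified = $check_admin['login_modified'];

        tep_session_register('login_id');
        tep_session_register('login_groups_id');
        // NOTE(review): the name registered here is 'login_first_name', while
        // the variable assigned above is $login_firstname. The name is left
        // unchanged because other pages may refer to it; confirm which
        // spelling the rest of the admin area reads.
        tep_session_register('login_first_name');

        // Record this login. The id comes from the row fetched above and is
        // cast to an integer before it is placed in the statement.
        tep_db_query("update " . TABLE_ADMIN . " set admin_logdate = now(), admin_lognum = admin_lognum+1 where admin_id = '" . (int)$login_id . "'");

        // Send the admin to the account page when this is the first recorded
        // login, no previous login date is stored, the address is still
        // 'admin@localhost', or the record has the zero modification date;
        // presumably so that default account details get changed (confirm).
        if (($login_lognum == 0) || !($login_logdate) || ($login_email_address == 'admin@localhost') || ($login_modified == '0000-00-00 00:00:00')) {
          tep_redirect(tep_href_link(FILENAME_ADMIN_ACCOUNT));
        } else {
          tep_redirect(tep_href_link(FILENAME_DEFAULT));
        }

      }
    }
  }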

  // Pull in the login-page definitions for the active language.
  // NOTE(review): the path is built from $language, which is set outside this
  // file (presumably by application_top.php); confirm it can only name an
  // installed language directory before it reaches this include.
  // NOTE(review): the leading @ hides a failed include; the TEXT_* constants
  // this page prints are presumably defined in that file, so a missing file
  // would go unnoticed here.
  @include DIR_WS_LANGUAGES . $language . '/' . FILENAME_LOGIN;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo TITLE; ?></title>
<?php require(DIR_FS_TEMPLATE . 'scripts/javascript.php'); ?>
<link rel="stylesheet" href="<?php echo DIR_WS_TEMPLATE ?>css/style.css" type="text/css">
</head>
<body>

<?php require(DIR_FS_TEMPLATE . 'template.php'); ?>

<?php echo tep_draw_form('login', FILENAME_LOGIN, 'action=process'); ?>

<table cellspacing="0" cellpadding="3" width="95%" align="center">
 <tr>
  <td class="Heading1">Login</td>
 </tr>
 <tr>
  <td class="body" style="padding-top: 10px; padding-bottom: 10px;">
   <div>
<?php
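 // Show the login error when the request is flagged login=fail, either by the
 // processing step at the top of this page or by the query string itself.
 // The isset() guard avoids reading an undefined index on a plain page load.
 if (isset($HTTP_GET_VARS['login']) && ($HTTP_GET_VARS['login'] == 'fail')) {
  $info_message = TEXT_LOGIN_ERROR;
 }
 // NOTE(review): $info_message is printed unescaped. In this block it only
 // receives a language constant; confirm that nothing loaded earlier can fill
 // it from request data.
 if (isset($info_message)) {
  echo $info_message;
 }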
?>  
   </div>
  </td>
 </tr>
 <tr>
  <td>
  </td>
 </tr>
 <tr>
  <td class="body">
   <table class="Panel" cellspacing="0" cellpadding="2" border="0">
    <tr>
     <td class="Heading2" colspan="2">&nbsp;Login Details</td>
    </tr>
    <tr>
     <td nowrap class="SmallFieldLabel">&nbsp;&nbsp;&nbsp;Email Address:</td>
     <td>
      <?php echo tep_draw_input_field('email_address'); ?>
     </td>
    </tr>
    <tr>
     <td nowrap class="SmallFieldLabel">&nbsp;&nbsp;&nbsp;Password:</td>
     <td>
      <?php echo tep_draw_password_field('password'); ?>
     </td>
    </tr>
    <tr>
     <td>&nbsp;</td>
     <td>
	<div class="buttons">
    	<button type="submit" class="positive">
        <img src="<?php echo DIR_WS_TEMPLATE ?>images/textfield_key.png" alt=""/> 
        Login
    	</button>
	</div>
     </td>
    </tr>
    <tr>
     <td class="Gap"></td></tr>
    <tr>
     <td>&nbsp;</td>
     <td>
	<div class="buttons">
	<?php echo '<a href="' . tep_href_link(FILENAME_PASSWORD_FORGOTTEN, '', 'SSL') . '">'; ?>
        <img src="<?php echo DIR_WS_TEMPLATE ?>images/icon_padlock.gif" alt=""/> 
        <?php echo TEXT_PASSWORD_FORGOTTEN ?>
    	</a>
	</div>
     </td>
    </tr>
    <tr>
     <td class="Gap"></td>
    </tr>
   </table>
  </td>
 </tr>
</table>
</form>
<table align="center" border="0" cellspacing="0" cellpadding="2">
 <tr>
  <td><?php require(DIR_WS_INCLUDES . 'footer.php'); ?></td>
 </tr>
</table>


</body>

</html>
